Bug 1214457 – CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1214457 - (CVE-2015-3150) CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments

Summary:	CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem director...

Status:	CLOSED ERRATA

Aliases:	CVE-2015-3150

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20150422,repo...
Keywords:	Security

Depends On:	1214609 1214610 1214612 1218236
Blocks:	1211224 1214172
	Show dependency tree / graph

Reported:	2015-04-22 14:20 EDT by Florian Weimer
Modified:	2015-07-10 04:22 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-07-09 01:35:22 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1083	normal	SHIPPED_LIVE	Important: abrt security update	2015-06-09 19:48:24 EDT

Groups: None (edit)

Description Florian Weimer 2015-04-22 14:20:27 EDT

It was discovered that the abrt-dbus D-Bus service does not properly
check the validity of the problem directory argument in the
ChownProblemDir, DeleteElement, and DeleteProblem methods.  A local
attacker could use this flaw take ownership of arbitrary files and
directories, or to delete files and directories as the root user.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 3 Jakub Filak 2015-05-05 07:28:39 EDT

These upstream commits fix this cve:
https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75

Comment 4 errata-xmlrpc 2015-06-09 15:49:17 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html

Note You need to log in before you can comment on or make changes to this bug.